Newsgroups: comp.unix.bsd.freebsd.misc
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.cs.su.oz.au!metro!metro!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!disgorge.news.demon.net!demon!dispatch.news.demon.net!demon!rill.news.pipex.net!pipex!oleane!in2p3.fr!univ-lyon1.fr!fdn.fr!r2d2.fdn.org!sphynx.fdn.fr!causse
From: causse@sphynx.fdn.fr (Philippe Causse)
Subject: Re: New Installation
X-Newsreader: TIN [version 1.2 PL2]
Organization: individual - paris - france
Message-ID: <EAnnr3.15v@sphynx.fdn.fr>
References: <EAI42z.L80@nonexistent.com> <5m18gk$aq7@ui-gate.utell.co.uk> <33848701.953498@news.tiac.net> <EALpDE.1Fn@sphynx.fdn.fr> <5m4b59$p51@lace.colorado.edu>
Date: Fri, 23 May 1997 22:28:15 GMT
Lines: 21
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:41547

Frank Crary (fcrary@rintintin.Colorado.EDU) wrote:
: Another problem is hiding a trojan horse. If the current directory
: is in a user's path, someone could run their own code and have it
: appear, in ``ps'' or ``top'' or whatever, as something like ``csh''.
: Very few system administrators would be suspicious seeing ``csh''
: running for a long time, while they might wonder about ``./a.out''
: if it were active for days.

Any skilled hacker knows how to overwrite argv[0] for this purpose!
(hummm... I recognize having done that in the early days ;-p)

It's even easier with FreeBSD's setproctitle() call!

: Frank Crary
: CU Boulder

--
-------------------------------------------------------------------
P. Causse                    http://www.fdn.fr/~pcausse
4.4BSD/X11R6/Motif-2.0/C++   mailto:causse@sphynx.fdn.fr (UUCP)
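
Added example, not part of the original post: a defender-side check for the masquerade discussed above, comparing the kernel-recorded command name (`comm`) with the process-controlled title (`args`) from `ps -axo pid,comm,args`. The sample output is constructed, the function names are hypothetical, and the 19-character truncation of `comm` (FreeBSD's MAXCOMLEN) is an assumption.

```python
import os

# Constructed sample of `ps -axo pid,comm,args` output (not from the post).
SAMPLE_PS = """\
  PID COMMAND          COMMAND
    1 init             /sbin/init --
  412 sshd             sshd: user@ttyp0
  733 csh              -csh (csh)
  801 a.out            csh
  950 cruncher         -csh
   12 intr             [intr]
"""


def argv0_name(args):
    """Reduce the first word of a process title to a bare program name."""
    first = args.split()[0]
    if first.startswith("["):      # kernel thread: no argv to compare
        return None
    first = first.rstrip(":")      # setproctitle() style "prog: status"
    first = first.lstrip("-")      # login shells are started as "-csh"
    return os.path.basename(first)


def find_mismatches(ps_output, maxcomlen=19):
    """Return (pid, comm, shown_name) where the title disagrees with comm.

    comm is set by the kernel at exec time; args can be rewritten by the
    process itself (argv[0] overwrite or setproctitle()).
    maxcomlen is an assumption: comm is truncated, so compare prefixes.
    """
    findings = []
    for line in ps_output.splitlines()[1:]:   # skip the header row
        fields = line.split(None, 2)
        if len(fields) < 3:
            continue
        pid, comm, args = fields
        shown = argv0_name(args)
        if shown is None:
            continue
        if shown[:maxcomlen] != comm[:maxcomlen]:
            findings.append((int(pid), comm, shown))
    return findings


if __name__ == "__main__":
    for pid, comm, shown in find_mismatches(SAMPLE_PS):
        print(f"pid {pid}: kernel name {comm!r} but title claims {shown!r}")
```

A mismatch is only a lead: a binary that is simply named `csh` passes this check, so confirm with the executable path (on FreeBSD, `procstat -b <pid>`).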